WINSpect-Powershell based Windows Auditing Tool

WINSpect is the PowerShell based windows auditing tool to enumerate and identify security weaknesses with windows platform and results of this audit can be useful for further hardening.Download the WINSpect Tool Here.

Installation

Open the Powershell with admin privileges and run the script

Features of this script – Windows Auditing Tool

WINSpect script provides audit checks and enumeration

Installed security products

World-exposed local filesystem shares

Domain users and groups with local group membership

Registry autoruns

Local services that are configurable by Authenticated Users group members

Local services for which corresponding binary is writable by Authenticated Users group members

Registry keys with autorun:

DLL Hijackable & Hosted service – Windows Auditing Tool

Above Figure shows script checks whether the DLL is hijackable or not and also hosted service status.

Scheduled tasks – Windows Auditing Tool

Above Figure shows script checks scheduled tasks.

WINSpect is very handy Windows Auditing Tool for quick assessments of security weaknesses and needs further hardening.

For depth understanding of the Windows Registry, we recommend referring our Windows Registry Analysis. The truth is that the Registry is a veritable goldmine of information for both the administrator and forensics investigator.